I’ve been testing some new Python-based CMSs and CMS-like software. I’ve heard of Plone before, but I never had a chance to check it out until now. I was a couple of days into my experimenting when I ran across this issue.

I have to say, the Plone team’s response was great. I got an almost immediate response from the security team, and a hotfix was pushed less than a week later.

Please see the following links for more information.

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35959
• https://community.plone.org/t/security-patch-20210518-version-1-5-released/14037
• https://pypi.org/project/Products.PloneHotfix20210518/
• https://plone.org/security/hotfix/20210518
• https://plone.org/security/hotfix/20210518/stored-xss-in-folder-contents